What hasn't changed for decades, is that each user should at least spend some time thinking about what is on their device and how painful total compromise might be to them.
This makes general answers about the merits of software easily out-dated in a month's time (let alone the two and a half years that have passed since this question was first asked). The calculus of whether running a specific antivirus package is a moving target (vendors typically react to bugs and threats - so what was true yesterday may not be true tomorrow). With a small investment of time, you can significantly decrease the need for additional anti-virus protection on OS X. This means that most of the recent exploits rely on people unintentionally sabotaging themselves by self-defeating built in defenses. The good news, is macs have a built in multi-layered defense system against virus and trojan/malevolent software.
Historically and for many years the scarcity of viruses, trojans and other malware that spread widely or affect a broad cross-section of Mac users has contributed to a perceived complacency about good security hygiene. This "immune system" consists of sandboxed application design, entitlements to let developers express intent when they need out of the sandbox, signed code to prevent modifications that turn a known app malicious, App Store distribution, system integrity protection, XProtect file quarantine mechanism with a free online update service.
The simple fact is that malware has always existed for Mac OS (OS X and macOS), so the statement that a Mac can't get malware is patently, demonstrably and dangerously false.Ī second fact is that Apple has done a good job with technology to make the macOS ecosystem largely immune to most threats.